CVE-2019-6181

MEDIUM

Lenovo XClarity Administrator < 2.5.0 - Reflected Cross-Site Scripting via Crafted URL

Title source: llm
STIX 2.1

Description

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-27805

Scores

CVSS v3 6.1
EPSS 0.0027
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
lenovo/xclarity_administrator < 2.5.0
Published Sep 03, 2019
Tracked Since Feb 18, 2026